The two above-mentioned exploit kits jostle for top spot on the evilware charts, with speedy exploitation of Flash vulnerabilities giving one the edge over the other. Damage inflicted to industry also counts for plenty, while interest from authorities isn't good for business.

Neutrino is now slinging the revamped Cryptolocker 2 (or crypt0l0cker as it is known by criminals) ransomware and variants of the Kovter malware family exploiting Flash (CVE-2015-7645) to hit user machines.

"The campaign was just launched this morning and it has injected malicious script code into legitimate websites," Heimdal security bod Andra Zaharia says.

"This new campaign also comes with added surreptitious tricks: Google Blackhat SEO (search engine optimisation) poisoning and an immediate focus on using Flash Player vulnerabilities as a distribution vector."

The exploit kit can now determine if browsers and Flash player installs are vulnerable, and is flying below antivirus detection.

Competitor RIG is targeting Adobe titles including Flash, Reader, and Acrobat, along with Microsoft Silverlight, with its third iteration spreading through Google SEO poisoning.